Search the Community

Howdy Hak5 folks.. Well, I'm expected some "try harders" and other such encouragement :)..I'm at the very tail end of the CPT exam. If anyone is unsure of it, first part is multi-choice (aced it!) ..second is compromising two VM's..got first in minutes happy to say..the second one......here is where I'm losing my hair very quickly. The objective is root password on both vm;s...this second one is where I seem to be hitting a dead end, and this is the first reaching out for help attempt. Basically, from what I can gather, this particular vm needs to be compromised via a local exploit be it privy escalation, shellcode yadda yadda..I have tried (I think) most methods that I can figure out (at my level at least) and just getting killed with each attempt. Not looking for someone to spell it out for me, after all I've been at this VM for 2 weeks now before asking for some guidance. So I'm happy to start a dialogue with anyone interested to help. I'll spill some of the VM details here and if someone is kind enough to brainstorm with me, it would be much appreciated. Cheers VM Info: Red Hat Linux 9 (Shrike) Kernel 2.4.20-8 i686 athlon i386 (bear in mind this is on a VMWare Workstation, host is AMD chip fyi) gcc 3.2.2 2 non-root accounts have been acquired, no sudo privileges, long story short, these accounts can't do squat The accounts allow direct (local) access on the vm, or via ssh etc. from attack VM Tried out about 12 known exploits (mainly exploit-db et.al) for OS version and kernel The discovered services have some minor-medium level vulnerabilities, but none from what I can tell help to getting to root/shadow file. FYI, for the exploits tried, (I'm a sooper noob with shellcode, but learning fast and taking ANOTHER course fml) some backfired entirely, some compiled but failed to run, some compiled ran but seg-faulted etc etc, so they may work and I'm just inexperienced at compiling or altering them appropriately I've done some local enumeration of possible config, suid etc etc flaws but cant really determine an approach Think that about does it for a 'where I'm at'...like I said, I actually dont really want the "Here's how.." but some discussion or tips would really be appreciated. Just kinda fried and probably overthinking but having trouble getting focused and feel kinda burnt as far as ideas go.

I built a PirateBox last year and I want to take the concept and expand it. I'm talking about a wireless network that has no access to the internet, but has local sites(wiki pages, blogs, chat rooms, filesharing) and people can communicate over it. Unfortunately, I don't have the resources to complete this project to my desired end right now, but that's not going to stop me from getting started. My idea is to deploy this in my college campus. I'm not transferring into a university for at least another year; this would be something fun to work on and keep my head focused on what I love to do. I'll start simple: a basic form of filesharing, a way to chat, and of course an imageboard. I'm thinking I'll take an old computer and turn it into a dedicated webserver(linux?) and connect it to a router. I'd love to find a cheap, yet fast, router that can run dd-wrt or openwrt. Ideally, I want to make the project easily expandable. Where all I need is to add more, better equipment and be able to handle more users without much lag. I know Darren was speaking about projects like this in a talk he did at some hackerspace(Hak5 1426.3), yet I've found little on the web on it. I probably don't know what I'm looking for. I'd love any input and help from the hak5 community. Thanks in advance! Edit: They're called Mesh Networks

I know how to edit the systems hosts file to point a url to a local server rather than a public dns... Can I direct a path to a file on the same machine EX: If i open firefox and go to www.wikipedia/elephants.com i want it to open the saved version i have in my documents rather than the ip address of wikipedia.

I've read most of the forum posts about the various ways to setup and configure a Captive Portal on the Mark IV... I'm purchasing an Elite WiFi Pineapple Mark IV Kit in a few weeks and I'd like to setup some sort of system, so when people join my Pineapple they're greeted by a nice Local Web Page explaining some details about the free hotspot project going on around the state blah blah blah. It's not for phishing or hiding scripts etc... but more for giving the information that I want to get out there. I would like for users to have the option of completely ignoring the page if they want, or reading it. There will be no authentication or any restrictions on data and available websites etc... It would be great if my created page could be the first thing people see when they open their browser or try to load Google for example, but have the ability to read(not read) and move on. Does anyone know what's going on with the Captive Portal Module, or better yet; does anyone know how I could easily go about setting this up? As always any help is greately appreciated. P.S. Oh and I'm going to say I'm praying for all you Americans out there. Terrorists suck!